January 4, 2011

Vulnerabilities in .Net Framework

They are the ones that will allow the attacker to drop some kind of trojans in to any kind of software like adobe, Flash player, Microsoft .Net. Mostly, people with high level of expertise only can find these vulnerabilities and can access the code of the software and changes it.


Recently there was a vulnerability found in the programming tool Microsoft ASP.Net that could lead to information disclosure. An attacker who successfully exploited this vulnerability could read data, such as the view state of the system on the network, which was encrypted by the server. This vulnerability can also be used for data tampering, which, if successfully exploited, could be used to decrypt and tamper with the data encrypted by the server. Microsoft .NET Framework versions prior to Microsoft .NET Framework 3.5 Service Pack 1 are not affected by the file content disclosure portion of this vulnerability.

Products and their versions affected by this vulnerability or prone to this vulnerability are:

Microsoft .Net framework 1.0 SP3, .Net Framework  1.1 SP1, .Net Framework 2.0 SP1 & SP2, .Net Framework 3.5 SP1 , 3.5.1 and .Net Framework 4.0. Here we will see the mostly used version that is 3.5.1 and it most important vulnerability. The Id for that vulnerability is CVE-2010-1898. 
  • This vulnerability exposes the full system files information to the attacker
  • There will be complete loss of system protection, resulting in the entire system being compromised.
  • Attacker can make the user lose his availability of his data by rendering the resource completely unavailable like the system unable to boot
  • One of the main reasons being the authentication unavailability; that means there is no authentication to modify the data and this vulnerability has caught the same point in attracting the attackers to make this vulnerable
  • This particular vulnerability is executable type; there will be executable code that will be executed in implementing the above stated threats.
The best way to prevent this is to update the version of .Net frame version as and when compatible and available version is released.


Post a Comment

Related Posts Plugin for WordPress, Blogger...

Search This Blog



There was an error in this gadget
Twitter Delicious Facebook Digg Stumbleupon Favorites More